CVE-2025-62360

HIGH

WeGIA < 3.5.1 - SQL Injection via id_dependente Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-62360. PoCs published by onurdemir.

AI-analyzed exploit summary: This script demonstrates a SQL injection vulnerability in WeGIA 3.5.0 by authenticating with provided credentials and injecting a payload into the 'id_dependente' parameter. It extracts the result from the response, confirming exploitation.

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.

Exploits (1)

exploitdb WORKING POC
by onurdemir · bash · webapps · php
https://www.exploit-db.com/exploits/52483

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WeGIA <=3.5.0
Auth required
Prerequisites: valid credentials · access to the login endpoint
devstral-2 · analyzed Mar 04, 2026

Scores

CVSS v3 8.8
EPSS 0.0008
EPSS Percentile 24.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-89
Status published
Products (1)
wegia/wegia < 3.5.1
Published Oct 13, 2025
Tracked Since Feb 18, 2026